
PowerPoint Slideshow about 'Mobile Payment Systems' - arleen


According to Forrester’s research, European consumers are uncomfortable with the idea of mobile payment, i.e. “The fear of an unknown medium”, and they are not even willing to try paying with their mobile device.

Great areas of promise is to bridge the gap between the touch and feel physical world and the convenient and cost-competitive on-line world.”

Technical Challenges

Accessibility

Convenience: To what extent can the payment method be used to pay for any type of content, from any location in the world, using any device? Some payment methods might require consumers to upgrade their existing handsets, or be pre-registered with a company.

Speed: Time spent using the payment method; important when customers have to pay for the access.

An initiative by Nokia, Motorola and Ericsson seeks to establish a framework for secure m-commerce.

Confidentiality and integrity will be addressed by Wireless Transaction Layer Security (WTLS), while Wireless Identity Module (WIM) will ensure client and server authentication. WIM will also facilitate the use of digital signatures, which will help ensure non-repudiation.

- Encryption: Used to ensure confidentiality using encryption and decryption keys.

- Digital Signatures: used to ensure the authenticity of transaction parties, and the integrity and non-repudiation of transmissions.

- Digital Certificates: allow the distribution of public keys in a secure manner. A CA issues digital certificates. A certificate contains four main components: a public key, information linking this public key to its owner, information about the certificate issuer, and the issuer’s digital signature.

- Public Key Infrastructure (PKI): a set of standards that control the lifecycle of digital certificates. A PKI can help address the non-repudiation and authorization aspects of security.

- Secure Electronic Transaction (SET): a protocol by MasterCard and Visa to support bank card payments. SET is implemented using a PKI.
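The digital signature and certificate items above, as an added Go example that is not part of the original slides: a CA issues a certificate binding a cardholder's public key to a name, and a verifier accepts a payment order only when the issuer's signature chains to a trusted CA and the order's signature verifies under the certified key. It uses the Go standard library's X.509 and Ed25519 support rather than SET itself; all names and amounts, and the helpers `issue`, `checkPayment` and `scenario`, are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds pub to name in a certificate signed with key (nil issuer = self-signed root).
func issue(name string, pub ed25519.PublicKey, issuer *x509.Certificate, key ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: issuer == nil, BasicConstraintsValid: true}
	if issuer == nil { // a root signs certificates and is its own parent
		t.KeyUsage, issuer = x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, issuer, pub, key)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// checkPayment accepts msg only if cert chains to a trusted CA and sig verifies under cert's key.
func checkPayment(roots *x509.CertPool, cert *x509.Certificate, msg, sig []byte) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, msg, sig)
}

// scenario reports whether each case is accepted: genuine order, altered amount, self-signed certificate.
func scenario() (genuine, altered, selfSigned bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	chPub, chKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("Example Bank CA", caPub, nil, caKey) // constructed sample names throughout
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	good, forged := issue("cardholder-001", chPub, ca, caKey), issue("cardholder-001", chPub, nil, chKey)
	order := []byte("pay merchant-42 EUR 19.99")
	sig := ed25519.Sign(chKey, order)
	return checkPayment(roots, good, order, sig), checkPayment(roots, good, []byte("pay merchant-42 EUR 99.99"), sig),
		checkPayment(roots, forged, order, sig)
}

func main() { fmt.Println(scenario()) }
```

The altered order fails on the signature check (integrity), while the self-signed certificate fails earlier because no trusted issuer vouches for the key (authenticity).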

Current problems in SET payment systems:
- SET has not been widely adopted because it was inconvenient to both the cardholders and the merchants.
  -> For example, to use SET security, the merchant has to issue each cardholder a software digital certificate, which is installed on his transaction terminal.
- SET limits the cardholder’s ability to transact to only the SET-enabled terminal, so the cardholder would still not be able to use SET at his colleague’s PC or at public terminals like kiosks or cyber cafes.
- On the merchant’s end, SET used a hefty set of algorithms that cost a lot of computing power to process. This increased the cost of hardware needed for merchants to be SET-certified and it dissuaded many smaller merchants from using SET.

What is 3D SET?
- A new initiative for secure mobile credit card-based payment, called the “3D model”.
- It has a three-domain model.
- It uses the SET protocol for the Interoperability Domain.
- It uses the 3D-SET secure protocol for payer authentication.
- It covers different areas of a Visa transaction flow:
  - The merchant and their bank – Acquirer Domain
  - The cardholder and their bank – Issuer Domain
  - The cardholder’s bank and the merchant’s bank – Interoperability Domain

Objectives:
- Reduce the effort of performing a SET payment on behalf of the cardholder.
- Allow the cardholder to use their certificate from any mobile device access.

Current Status:
- 3D SET has gained ground in Europe and South America, but not yet in the US.

Payment authentication:
- Cardholder verification – genuine cardholder is involved in a genuine transaction.
- Card verification – a genuine card is being used by the person authorized to use it.
- Merchant authentication – the website is run by a genuine Visa merchant.
- The transaction is not compromised – details cannot be intercepted or abused.

How does it work?
The 3D SET model provides:
- A flexible framework that allows banks and payment acquirers to use their own methods to authenticate cardholders and merchants in a transaction.
- The original SET protocol is used in the Interoperability Domain, so that each party uses the secure and complex interoperability protocol to communicate with the others.
- A SET Wallet resides on a central bank server and provides the SET transactional capability.
- The bank’s cardholders who have SET certificates also have accounts within the central wallet. The issuing bank can decide how to authenticate its own cardholders because it owns the wallet.

Advantages:
- Standard by Visa and MasterCard.
- Uses existing credit card backend processing systems.
- Uses signatures.
  -> It removes the need for specified software on the cardholder’s PC and allows the cardholder to use many different payment channels from PC to mobile phones.

Disadvantages:
- Chicken, egg and farmer problem: requires adoption and software by merchant, buyer, and both their banks.
- Complex, expensive certification processes.
- Fat wallets, complex spec.
  -> Small market share, unclear future.

What is a smart card?
A smart card is a microchip which is equipped with:
- payment card: bank and/or credit card
- SIM card for a mobile phone
- electronic ID card
- a combination of the above cards

- A smart card is an embedded microcircuit, which contains memory and a microprocessor together with an operating system for memory control.
- The smart card is a secure storage location for secret information. It is similar to the size of a credit card or a smaller SIM card.
- Smart card features: (a) Personal (b) Portable (c) A Security Token
- Applications: electronic identification, signature, encryption, payment and data storage.

Smart Card Standards
- ISO 7816, EMV, GSM, OCF

The SIM card is a smart card that is present in the vast majority of mobile phones worldwide.
- It plays a very important role in the wireless service chain.
- It can be used to customize mobile phones regardless of the standards (GSM, PCS, ..).
- It offers:
  - new menus, prerecorded numbers
  - sending short messages for query
  - and secure transactions

Smart cards are issued by the financial services industry to reduce the exponential increase in fraud, and create new channels.

Advantages:
- Reduce fraud significantly, i.e., a 75% drop in fraud after smart card adoption.
- Larger storage space than the traditional magnetic stripe.
- Easily add many mobile applications.
- Additional level of security.

Issues in SIM cards:
- Security risks:
  - SIM cards can be cracked and copied.
  - The attack can be invasive or non-invasive.
- Business issues: How to get enough card users and merchants to make money? Merchants are as vital as the customers for the smart card payment systems.
- Interoperability:
  - Too many SIM cards coming to the market.
- Legal problems:
  - A pending lawsuit could damage reputation.

What are M-wallets?
- M-wallets are the most popular type of mobile payment option for transactions.
- A Mobile Wallet module (m-Wallet) provides a convenient single-click, commerce payment mechanism.
- They allow a user to store billing and shipping information that the user can recall with one click while shopping from a mobile device.
- They enable users to store all the information required to fill out commerce-related forms from any application.
- An M-wallet is an encrypted entity at the server side that contains payment instrument, identification, and address information for registered users. New technologies are being integrated into m-wallet software, which enables cell phone users to make transactions using speech-recognition and voice-authentication technologies (Deitel & Deitel, 2002).

Advantages:
- May be perceived as more secure by the user since the wallet is stored locally.
- SIM Application Toolkits can communicate with the remote server using USSD. SIM Cards that use USSD are substantially faster than WAP equivalents.

Disadvantages:
- A personal wallet is closely tied to the device. It cannot be used to purchase items through different languages (WML, HTML, and CHTML) or other devices.
- Since the wallet is stored and implemented in hardware, it is very difficult and expensive to update. If new functionality is added to the wallet, a new SIM Card has to be sent to every user.
- SIM Card applications are proprietary, which makes it difficult for them to support new payment technologies such as 3D Secure.
- SIM Card solutions are closed in that they are either tied to a single bank or network operator. This means a merchant’s available market is limited.
- Since a wallet is stored locally, the wallet and potentially the user’s sensitive financial information is compromised if the device is lost or stolen. Also, getting a new SIM Card wallet to replace the lost SIM may take some time.

Advantages:
- If the user’s device is lost or stolen the wallet can still be used.
- Since the entire wallet information is hosted remotely, it is possible to add new functionality to the wallet without having to update every user’s device.
- The service provider has full control over the wallet, making it possible for them to quickly add support for new devices.
- Since the service provider hosts the wallet they have full control over the functionality and branding.
- Self-hosted wallets can be more easily integrated with service providers’ other services and web portals.
- It is easier to add support for extra payment instruments (credit cards, debit cards, micropayments, etc.).

Advantages:
- The service provider has control over which payment providers are used.
  -> This allows them to use a provider that gives them the best deal on transaction charges.
  -> It also allows them to easily integrate with merchant payment providers.
- Since wallets are hosted within the service providers’ domain it is possible to leverage CRM data to automatically create and populate wallets.
- As use of the wallet increases, the operator has the ability to increase the level of hardware running the wallet service to match demand.

Disadvantages:
- A hosted wallet takes time to integrate with the service providers’ infrastructure (billing system, WAP gateway, etc.).
- Since the wallet is hosted within the service provider’s network, they have the responsibility of maintaining the hardware.

Advantages:
- The wallet server is managed by the third party. This means that the service provider’s IT department does not need to manage the hardware associated with the wallet.

Disadvantages:
- Because the wallet is developed and maintained by a third party, the service provider cannot decide what payment instruments are supported. Also, the third party solution may only support a limited set of devices.
- Since the wallet is hosted remotely, the service provider may have no control over the branding of the wallet.
- The third party generally maintains relationships with a limited number of payment providers. This makes it difficult to add support for extra payment providers that may be required by individual merchants.
- The service provider has no control over the hardware infrastructure provided by the third party to host the wallet. It is possible that, at times, the third party solution does not have the processing power to supply the level of service required.

MasterCard Global Mobile Commerce Working Group proposed the “Remote Wallet Server Architecture”.
- The architecture covers payment scenarios with three variants: TCP/IP initiated, SMS initiated and WAP initiated. The 3 variants differ in the initiation phase. In each variant, we can distinguish three phases (see Figure below).

1) Initiation phase: the merchant server sends a payment initiation message to a cardholder device.
2) Interaction phase between the cardholder device and the SET wallet server: in this phase, the cardholder device(s) forward the merchant’s initiation message such that the wallet server either receives or is able to retrieve the SET Wake-up message. The cardholder approves the transaction and the wallet server authenticates the cardholder.
3) The SET transaction phase: in this phase the SET wallet server and the merchant SET server conduct a SET transaction.

The initiation phase and cardholder device is the wallet-server interaction phase. The SET transaction phase is completely governed by the SET specification.

Hosted mobile wallets solve so many of the problems in mCommerce.
- For network operators and financial institutions, hosted mobile wallets overcome the security and usability issues that inhibit the adoption of next generation networks and services.
- For merchants’ added revenue in is provided to be a challenging new delivery channel.
- For device manufacturers, hosted mobile wallets speed the adoption of new hardware by delivering a rich user experience on new and improved devices.
- Finally, for consumers the hosted mobile wallet unlocks the true potential of the mobile Internet and next generation networks and devices, giving the mobile user secure, easy-to-use payment options, allowing them to easily set preferences and enabling secure identification.